How to distinguish between Known IP and unknown IP

Question

i need to develop a web application that can identify a known machine and unknown by storing a pair(sourceIP,valid username) at server side for which previous login was successful.when anyone login from unknown machine how can be identified.web app is hosted in local host.is it possible to get the client ip.when retrieving client IP i get only 127.0.0.1 which is localhost.anyone having any idea...?

Answer 1

The short answer is that you can't always get the real client IP address.

If the client has an IP address of its own and connects directly to the server, then HttpServletRequest.getRemoteAddr() should return it. However:

• If the client's requests reach the server via a proxy or reverse proxy, then getRemoteAddr() will return the first upstream proxy address.

• If the client addresses the server as localhost when the request will come from localhost.

• If the client is behind a NAT gateway or an IPv4 <-> IPv6 bridge you are liable to see the IP address of the gateway or bridge.

Then there is the problem that the IP address might be spoofed.

In short security schemes that rely on knowing the real client IP address are often problematic.

---

If your problem is due to a reverse proxy (and seeing 127.0.0.1 would imply that), you can have the reverse proxy add a request header to the request to say what remote IP address it saw. Then the server needs to use that header instead of getRemoteAddr(). However, that won't help if the proxy didn't see the real client IP address.

Answer 2

In Servlet you do something like this:

public class GetAddress extends HttpServlet {
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        String ip = request.getRemoteAddr();
        // now you can check if the ip exists and if not store it or do other usefull stuff ...
    }
}